Charlotte 猫 Awoo Fide @confusedcharlot@awoo.space

Possibly the most embarrassing security failure I've ever seen from a corporation was when Twitter admitted in 2018 they had found a "bug" that was writing every password from every login *in plaintext* to a log somewhere, before it got encrypted like passwords are supposed to when you store them. https://www.cnet.com/tech/tech-industry/twitter-advises-all-users-to-change-passwords-after-glitch-that-exposed-some-in-plain-text/

Twitter never disclosed how long this had been going on, but they recommended EVERY Twitter user change their passwords, so potentially it went back to 2006.

FRIEND: It's called cauliflower. It's not ghost broccoli.

ME: [taking a long drag on my cigarette] Listen kid, I know what I saw.

I've seen a lot of people talking what-ifs of, with the new owner firing people at random and unplugging things without first finding out what they do, we might have a major event where Twitter goes down completely for days or something.

But what I haven't seen as much thought about is, what if during this same chaotic period, there is a major security incident? What makes that possibility alarming is *if it happens, we might never know about it*.

Twitter is high-profile enough that its threat model is not just "somebody publishes an exploit and teenagers wreak havoc for a day or two". Twitter is used by activists, journalists and governments, and the threat model includes "a nation-state penetrates the intranet and hijacks a legitimate employee's credentials". What worries me is a targeted attack, say, scraping a bunch of DMs by local dissidents, who all get mysteriously arrested in two weeks. Chaos makes that easier.

dramatic #caturday

Twitter, when the microservices fell.

php has gender constants and wow those sure are genders https://www.php.net/manual/en/class.gender.php

how do i see what #hashtags i've followed? #FediHelp